[pfx] Re: messages passing DMARC are being rejected as failing

as failing CAUTION: This email was sent from an external sender. Do not click links or open attachments unless you recognize the sender and know the content is safe. On 24.07.23 16:03, Gomes, Rich via Postfix-users wrote: >Clarification below: I see no clarification, just added disclai

[pfx] Re: messages passing DMARC are being rejected as failing

Clarification below: From: Gomes, Rich via Postfix-users Sent: Monday, July 24, 2023 11:27 AM To: postfix-users@postfix.org Subject: [pfx] messages passing DMARC are being rejected as failing CAUTION: This email was sent from an external sender. Do not click links or open attachments unless

[pfx] messages passing DMARC are being rejected as failing

haven't tried to engage with Gmail yet. Has anyone see this specific behavior from Comcast and Gmail? Thanks, Rich Rich Gomes | Aramark | Senior Systems Administrator | Messaging and Collaboration Services 141 Longwater Drive Norwell, MA 02061 P: 1 (781) 763-4508

Which dkim solution?

We have a requirement to sign outbound messages with DKIM keys. I have seen discussions on this list for people using dkim-milter as well as opendkim. dkim-milter hasn't been updated since 2009 while opendkim hasn't been updated since 2015. dkimpy is more actively maintained but hasn't been

INVALID MessageID reporting?

message id and the From address? Thanks in advance Rich Rich Gomes | Aramark | Senior Systems Administrator | Messaging and Collaboration Services 141 Longwater Drive Norwell, MA 02061 P: 1 (781) 763-4508

RE: new install ignores transport file?

file? CAUTION: This email was sent from an external sender. Do not click links or open attachments unless you recognize the sender and know the content is safe. On 8/5/2021 12:07 PM, Gomes, Rich wrote: > Good day > > I have a newly built postfix server which is ignoring it's t

new install ignores transport file?

il_version = 2.6.6 New Server: Red Hat Enterprise Linux Server release 7.9 (Maipo) mail_version = 2.10.1 Could this be a versioning issue or do I need to look somewhere else? Thanks, Rich

Re: Limiting HELO spoofing in Postfix?

ard { type filter hook forward priority 0; policy accept; } chain output { type filter hook output priority 0; policy accept; } } Rich Wales ri...@richw.org

Re: Limiting HELO spoofing in Postfix?

h the info I've been posting up till now about my server, that may be why. Rich Wales ri...@richw.org submission inet n - n - - smtpd -v -o smtpd_enforce_tls=yes -o soft_bounce=no -o cleanup_service_name=msa-cleanup -o content_filter=smtp-ama

Re: Limiting HELO spoofing in Postfix?

t;. I'm still waiting to see if I have any more instances of open relay attempts from localhost after having made this change. If the earlier open relay attempts are in fact somehow (still unsure how?) being generated as a consequence of the blacklisted connection, then maybe having postscreen

Re: Limiting HELO spoofing in Postfix?

s might be worth. Thanks for any thoughts. Rich Wales ri...@richw.org

Re: Limiting HELO spoofing in Postfix?

consider wiping and rebuilding the system, but I'm not willing to expend the time and energy to do that without first having some reasonably specific evidence indicating exactly what has happened. Rich Wales ri...@richw.org

Re: Limiting HELO spoofing in Postfix?

supposed to recognize and do anything with is a "page=" parameter. Everything else on the command line / URL should be disregarded. Rich Wales ri...@richw.org

Re: Limiting HELO spoofing in Postfix?

nd will review my security before putting them back (or, more properly, installing fresh scripts from the project). The logs showed about 20 accesses to my honeypot scripts, but none around the dates of interest. And I have still not seen any further instances of the hacker attack in the last several days. Rich Wales ri...@richw.org

Re: Limiting HELO spoofing in Postfix?

2 responses to "GET /nette.micro" requests appear, as best I can tell, to have all been simple redirections from HTTP to HTTPS. The corresponding HTTPS GET requests were all rejected with 404 codes. Rich Wales ri...@richw.org

Re: Limiting HELO spoofing in Postfix?

roblem, but it seems to me like a very useful thing for Postfix to be able to do. If this option is intentionally not and most likely never will be part of Postfix, I would be grateful for an explanation of why it is not actually helpful, even if it might appear to be at first glance. Rich Wales ri...@richw.org

Limiting HELO spoofing in Postfix?

sing through milters and such. But what I want to know is if any such option exists at all. Rich Wales ri...@richw.org

Re: Mail server recently became an open relay

-mail or TCP connections already for its own legitimate purposes, but being co-opted by a hacker to nefarious ends? Or could *any* PHP script theoretically be infected in a way that would cause this misbehaviour? Rich Wales ri...@richw.org

Re: Mail server recently became an open relay

y the same NAT/proxy path as the spam did. I'll continue searching for any possible security hole on my firewall appliance, though. Rich Wales ri...@richw.org

Re: Mail server recently became an open relay

Sorry, when I said "chronologically last 'Received:' line" in my earlier e-mail, I meant to say "chronologically first (physically last)".  Mea culpa. Rich Wales ri...@richw.org

Re: Mail server recently became an open relay

d delivered via this server retain the sending host's identity, btw, and are not rewritten to claim they came from localhost. Rich Wales ri...@richw.org

Re: Mail server recently became an open relay

ission would also help. Thanks. I'll look into this. Rich Wales ri...@richw.org

Re: Mail server recently became an open relay

) for the "smtpd" line in my master.cf, in hopes that this may capture some additional detail of inbound SMTP sessions. Any other debugging suggestions would be welcomed. I'll be back when I have something reasonably useful for you to look at. Rich Wales ri...@richw.org

Re: Mail server recently became an open relay

the GBUDB blacklist site. The next time I see this happen -- could be tomorrow, could be weeks from now, I have no idea when -- I'll gladly forward a copy of my "mailq" output. I deleted my earlier evidence, I'm afraid. Rich Wales ri...@richw.org

Mail server recently became an open relay

coming via an open relay, but it still passes them. What confuses me is that I would expect Postfix to have identified and rejected these messages during the initial SMTP dialogue with the sender, and they should never reach amavisd-new. Any suggestions gratefully welcome. Rich Wales ri...

Re: Outgoing DANE not working

On Wed, May 20, 2020 at 05:41:46PM -0400, Wietse Venema wrote: > Rich Felker: > [dnssec end-to-end probe, log a warning if for any reason results > do not have the authentic data' bit set]'. > > This sounds like a great plan that will also mitigate the problem of > >

Re: Outgoing DANE not working

aised concerns about that again on libc-alpha: https://sourceware.org/pipermail/libc-alpha/2020-May/114174.html > Postfix would still disable the res_nxxx() calls into libc-musl, but > that would be safe, even if those calls end up to get added later. Can you do this via the published __RES API version in resolv.h, rather than probing ldd? The latter is flaky and will get wrong result in various cases I mentioned before. Rich

Re: Outgoing DANE not working

atch musl so they may end up not needing it. I think with latest glibc though you'd also need to force the trust-ad flag, or glibc would strip AD from the result. Given how AD interacts with DANE, it seems like stripping it is a really bad idea (disables DANE), and we should probably push for glibc to reconsider doing it at all... Rich

Re: Outgoing DANE not working

On Tue, May 19, 2020 at 06:51:57PM -0400, Viktor Dukhovni wrote: > On Tue, May 19, 2020 at 04:08:32PM -0400, Rich Felker wrote: > > > I'm not encouraging any to do that; rather I've encouraged them to > > take measures to both: > > > > (1) ensure that DANE is n

Re: Outgoing DANE not working

On Tue, May 19, 2020 at 01:25:52PM -0400, Wietse Venema wrote: > Rich Felker: > > On Tue, May 19, 2020 at 11:11:56AM -0400, Wietse Venema wrote: > > > Rich Felker: > > > > On Tue, May 19, 2020 at 10:23:18AM -0400, Wietse Venema wrote: > > > > >

Re: Outgoing DANE not working

On Tue, May 19, 2020 at 11:11:56AM -0400, Wietse Venema wrote: > Rich Felker: > > On Tue, May 19, 2020 at 10:23:18AM -0400, Wietse Venema wrote: > > > Rich Felker: > > > > The is fundamentally no build-time test possible for this. Even if we > > > &g

Re: Outgoing DANE not working

On Tue, May 19, 2020 at 10:23:18AM -0400, Wietse Venema wrote: > Rich Felker: > > The is fundamentally no build-time test possible for this. Even if we > > were willing to make flags for each bug (or missing feature) that was > > ever fixed indicating the change, that would

Re: Outgoing DANE not working

On Tue, May 19, 2020 at 09:22:59AM -0400, Wietse Venema wrote: > Viktor Dukhovni: > > Robust detection of MUSL features at build time would be much > > appreciated. Precludes any tests that depend on live DNS queries. > > The tests need to *statically* test the features of the platform's > > C

Re: Outgoing DANE not working

On Tue, May 19, 2020 at 05:06:10AM -0400, Viktor Dukhovni wrote: > On Tue, May 19, 2020 at 01:44:30AM -0400, Rich Felker wrote: > > > > This sounds reasonable. Will there be a way for Postfix to detect the > > > new library version, so that we don't disable DANE for

Re: Outgoing DANE not working

On Mon, May 18, 2020 at 10:38:14PM -0400, Viktor Dukhovni wrote: > On Mon, May 18, 2020 at 09:37:36PM -0400, Rich Felker wrote: > > > > Mostly dig, unbound-host, ... Most of the platform C libraries support > > > DO=1, which obviates the need fo

Re: Outgoing DANE not working

broken nameservers/networks still that can't handle AD in queries, the standard, widely-used, high-level lookup APIs will still work, and at worst res_query breaks. Note that the netdb.h functions have no use for the AD bit and no way to pass it back to the caller, so there is no reduction in functionality by having them clear it. Rich

Re: PATCH: Glibc-2.31 DNSSEC and GCC 10

g the AD bit into place, then res_send. This is what I'll probably be recommending Alpine and other distros do in the mean time (via a patch) until they have an upstream solution, since it's a really easy and non-invasive change to make. As stated before I'd also like to have a solution in next musl release and hopefully will.x Rich

Re: PATCH: Glibc-2.31 DNSSEC and GCC 10

On Sat, Apr 18, 2020 at 03:01:08PM -0400, Viktor Dukhovni wrote: > On Sat, Apr 18, 2020 at 01:04:58PM -0400, Rich Felker wrote: > > > > You can consider libc-musl as unsupported from now on. > > > > I am really not appreciating the hostility and utterly petty >

Re: PATCH: Glibc-2.31 DNSSEC and GCC 10

On Sat, Apr 18, 2020 at 10:59:51AM -0400, Wietse Venema wrote: > Rich Felker: > > > It would be a mistake to use TLSA records from an unsigned domain. > > > That would be no more secure than accepting a random server > > > certificate. All the pain of doing T

Re: PATCH: Glibc-2.31 DNSSEC and GCC 10

On Fri, Apr 17, 2020 at 06:59:53PM -0400, Wietse Venema wrote: > Rich Felker: > > I can see where it could be desirable to log whether delivery was made > > based on a TLSA record in a signed domain vs an unsigned one, and this > > necessitates being able to see the

Re: PATCH: Glibc-2.31 DNSSEC and GCC 10

On Fri, Apr 17, 2020 at 07:01:26PM -0400, Viktor Dukhovni wrote: > On Fri, Apr 17, 2020 at 06:52:48PM -0400, Rich Felker wrote: > > > > There are (unsigned) domains where any attempt to look up TLSA records > > > times out or otherwise fails. If DANE is t

Re: PATCH: Glibc-2.31 DNSSEC and GCC 10

On Fri, Apr 17, 2020 at 06:27:27PM -0400, Viktor Dukhovni wrote: > On Fri, Apr 17, 2020 at 06:19:18PM -0400, Rich Felker wrote: > > > This reasoning is why I consider it harmful to limit use of DANE > > records to situations where the DNS lookup is "trusted" to have b

Re: PATCH: Glibc-2.31 DNSSEC and GCC 10

usted. The right behavior (regardless of what any RFC says) is to use any TLSA records you're able to lookup. If the configured nameservers are validating DNSSEC and your link to them is secure, you get the full protection DANE provides. If they're not, the behavior is no worse (and in many ways better) than what you'd get by not having DANE at all. Yes an attacker could perform DoS by giving you invalid TLSA records or MITM the connection by providing ones for a key they control, but if you switch DANE completely off then an attacker in the same position can do these things anyway. Rich

Re: Outgoing DANE not working

es latency because that server is more likely to have the large > response in its cache. I'm not talking about future queries but other unfinished queries that are part of the same operation (presently just concurrent A and lookups). Rich

Re: Outgoing DANE not working

On Wed, Apr 15, 2020 at 07:19:43PM +0200, Florian Weimer wrote: > * Rich Felker: > > > This is true for users running local nameservers, which ideally will > > eventually be everyone, but at present that's far from the case. > > Differences like concurrent attempts f

Re: Outgoing DANE not working

On Tue, Apr 14, 2020 at 02:16:20AM -0400, Viktor Dukhovni wrote: > On Mon, Apr 13, 2020 at 11:53:03PM -0400, Rich Felker wrote: > > > > Your local nameserver has already done the TCP failover and paid the > > > cost of obtaining the full RRset, your stub resolver is ju

Re: Outgoing DANE not working

need to know which records were validated in > > > signed domains, and which are "insecure" responses from unsigned > > > domains. That's what the AD bit is for, and you're not setting > > > it in requests, and so it does not come back in the response. > > > > Can you describe why? > > I can, but you can just read RFC 7672 if you like, I've already > explained it there. Bottom line, it is needed. > > > Is it only for the sake of not using TLSA > > records in unsigned domains? That kind of policy can be implemented at > > the resolver level > > It cannot and should not be implemented at the resolver level. Noted that this is your position. :-) Rich

Re: Outgoing DANE not working

On Mon, Apr 13, 2020 at 03:04:12PM -0400, Viktor Dukhovni wrote: > On Mon, Apr 13, 2020 at 02:35:22PM -0400, Rich Felker wrote: > > > > The problem can be partly resolved by setting the "AD" bit in the > > > outgoing DNS query header sent by the musl-libc st

Re: Outgoing DANE not working

ve come out of this discussion. >From my perspective, what would work best with what's always been the intended DNSSEC usage model of musl would be if Postfix supported use of DANE with smtp_dns_support_level=enabled, i.e. outsourcing all DNSSEC functionality to the nameserver. Rich

Re: How to make Postfix use hostnames from /etc/hosts ?

. Sure enough, there sits the original message (and attachments) I sent. That they don't think of looking there on a daily basis, or when not receiving expected communications, is a non-technical issue. Glad you fixed your problem. Rich

RE: ldap lookups timing out?

the sender and know the content is safe. On Thu, Aug 22, 2019 at 05:19:37PM +, Gomes, Rich wrote: > I am seeing a lot of Temporary lookup failure errors in the maillog. > At first I thought it was an issue related to reverse DNS lookups as > each of the sending servers had no rever

ldap lookups timing out?

g to route it to the preferred relay. This way localhost can handle the retries since the application quits on anything other than a 200-level error. Thanks, Rich Rich Gomes | Aramark | Senior Systems Administrator | Messaging and Collaboration Services 141 Longwater Drive Norwell, MA

Re: Format of ip address in /etc/postfix/access

The best English phrase to use here would be "unnecessary leading zeroes". Rich Wales ri...@richw.org

Re: Post-upgrade script finds wrong version

nt machine? Must have copied that directory from the existing desktop. Fixing the version number in main.cf allowed set_permissions upgrade_configuration to run and upgrade master.cf too. Thanks very much, Rich

Post-upgrade script finds wrong version

-permissions script so I can fix the version error. What is the proper way to resolve this issue? TIA, Rich

Re: Ownership question

corrections in a text file and it was only this last upgrade that was different. Many thanks for your all your efforts on postfix over the years. Best regards, Rich

Re: Ownership question

On Thu, 4 Jul 2019, @lbutlr wrote: Slackware issue? Likely not. I've used the same build script for years. All the directories in /var/spool/postfix are owned by postfix except for pid, which is owned by root. Thank you. That's why the logwatch warnings puzzled me. Regards, Rich

Ownership question

-xr-x 2 postfix root 4096 Jun 23 07:57 pid/ drwx-- 2 postfix postfix 4096 Jun 23 07:57 private/ drwx--x--- 2 postfix postdrop 4096 Jun 23 07:57 public/ drwx-- 2 postfix postfix 4096 Jun 23 07:57 saved/ drwx-- 2 postfix postfix 4096 Jun 23 07:57 trace/ Puzzled, Rich

Re: Greylisting -- current recommendations?

parameter to tell the postscreen server to reject new(ish) clients for a specified minimum period of time before stepping out of the way and allowing them to pass? At the moment, it seems to me that requiring a minimum of 5 minutes after the first soft rejection should be more than sufficient. Rich

Greylisting -- current recommendations?

(www.postfix.org/postconf.5.html) propose using address_verify_poll_count=1 as "a crude form of greylisting"; how well do people find this to work in practice? Any other suggestions? Rich Wales ri...@richw.org

Re: Finding reason for smtpd rejections

were listed separately by pflogsumm is not obvious when I look at the list grep returned. Thanks, Rich

Finding reason for smtpd rejections

identify these two messages in /var/log/maillog.1 among all the logged incoming messages to this address. TIA, Rich

Re: Upgrade to -3.2.5: permissions question

On Sun, 28 Jan 2018, Wietse Venema wrote: Please tell the maintainer that it they need to run the command, not the user. Wietse, I'll do this. Thanks, Rich

Re: Upgrade to -3.2.5: permissions question

that the maintainer does write to run the set-permissions script. Regards, Rich

Re: Upgrade to -3.2.5: permissions question

ee: http://www.postfix.org/PACKAGE_README.html Will do. Thanks again, Rich

Re: Upgrade to -3.2.5: permissions question

it) from now on. Regards, Rich

RE: Upgrade to -3.2.5: permissions question

neglected in my post-installation notes was to change the group to postdrop for those two scripts prior to running set-gid on them. Thanks very much, Rich

Upgrade to -3.2.5: permissions question

system Jan 28 09:31:55 salmo postfix/master[16126]: daemon started -- version 3.2.5, configuration /etc/postfix I've not seen these warnings in prior upgrades and would appreciate learning what I need to change to remove them. Regards, Rich

Re: No messages delivered to INBOX [RESOLVED]

On Tue, 16 Jan 2018, Rich Shepard wrote: Running postfix-3.2.4 on Slackware-14.2. My server and workstation are on the same host. Yesterday, about mid-day, messages to me stopped being delivered to my INBOX. /var/spool/mail shows: Earlier today I added another recipe to ~/procmail

Re: No messages delivered to INBOX

On Wed, 17 Jan 2018, Matus UHLAR - fantomas wrote: on some systems I maintain there was "VERBOSE=yes" and procmail logged path to the created file within maildir. try setting VERBOSE=yes at the begin of your procmail rc file. Matus, Thanks for clarifying. Here is ~/.procmailrc:

Re: No messages delivered to INBOX

addresses. If I mis-understand your question let me know what additional information I can provide and I will send it. Thanks, Rich

Re: No messages delivered to INBOX

Procmail then looks at each recipe for the mail lists and finds no matches. Nothing's changed here from before mail stopped being sent to the default file. Now I need to find why it sees the default but is not passing mail there. Rich

Re: No messages delivered to INBOX

t was passed to procmail but not delivered to my inbox. Now I need to figure out why since the only changes to the recipes were the addition of two rules for two mail lists. Thanks, Rich

No messages delivered to INBOX

that the filters missed. In the 20+ years I've run postfix this has not before happened and I've no idea how to identify the source of the issue. Please advise me on how I can find the problem. TIA, Rich

Re: Finding why outbound mail is delayed

EdgeRouter-X failed the day after it was put into service. I've contacted Amazon and they're sending a replacement. My thanks to everyone, Rich

Re: Finding why outbound mail is delayed

Saturday. I've put the old router back in service, but messages to one mail list are still delayed. Thanks, Rich

Re: Finding why outbound mail is delayed

al line is the end of this one: #smtp_data_restrictions = reject_multi_recipient_bounce Now on one line again. soft_bounce = yes This can make messages linger that should have bounced. Should not be on long-term. Thank you. Changed to 'no'. Rich

Re: Finding why outbound mail is delayed

map. I don't relay outbound mail any longer. Frontier Communications opens Port 25 by default on business accounts, and some messages are delivered. Thanks, Rich

Re: Finding why outbound mail is delayed

On Mon, 13 Nov 2017, Viktor Dukhovni wrote: http://www.postfix.org/DEBUG_README.html#mail Victor, I had looked at that page and checked many of the items. Include logs showing the complete history of a delayed message (all log entries with the problem queue-id). The only one found in

Finding why outbound mail is delayed

Running postfix-3.2.4 here on Slackware-14.2. I am a professional services sole practitioner, not a professional system or network admin. After several years having outbound mail forwarded through my ISP's mail server I changed ISPs and now have a static IP address. The other recent change

Re: Ownership question: version 3.2.2

On Sun, 25 Jun 2017, Wietse Venema wrote: See comment above: run "postfix set-permissons". Thanks, Wietse. I ran 'chown -R root /var/spool/postfix/pid/' with postfix stopped. When re-started nor warnings were displayed. Regards, Rich

Re: Ownership question: version 3.2.2

I use a SlackBuilds.org script. Perhaps that's considered 'doing things by hand,' but it's what I've used for almost two decades. I'll contact the package maintainer about running postfix set-permissions. Thanks, Rich

Ownership question: version 3.2.2

running, but I would like to understand why the warning is present. Rich

RE: dict_ldap_lookup questions

, 2017 2:43 PM To: Postfix users <postfix-users@postfix.org> Subject: Re: dict_ldap_lookup questions > On Feb 10, 2017, at 2:27 PM, Gomes, Rich <gomes-r...@aramark.com> wrote: > > The reason the query is setup like that is we have several internal > domains and a user m

RE: dict_ldap_lookup questions

done | time postmap -q - ldap:/table/file.cf -Original Message- From: owner-postfix-us...@postfix.org [mailto:owner-postfix-us...@postfix.org] On Behalf Of Gomes, Rich Sent: Friday, February 10, 2017 2:49 PM To: Postfix users <postfix-users@postfix.org> Subject: RE: dict_ldap_loo

RE: dict_ldap_lookup questions

fix-users@postfix.org> Subject: Re: dict_ldap_lookup questions > On Feb 10, 2017, at 2:27 PM, Gomes, Rich <gomes-r...@aramark.com> wrote: > > The reason the query is setup like that is we have several internal > domains and a user may have an alias for one

RE: dict_ldap_lookup questions

t 1:15 PM, Gomes, Rich <gomes-r...@aramark.com> wrote: > > domain = first.com, second.com, third.com, fourth.com, fifth.com, > sixth.com server_host = pool.internal.domain.com search_base = > dc=internal, dc=domain, dc=com version = 3 > > # Filter > query_filter = (&

RE: dict_ldap_lookup questions

ompassword # Filter query_filter = (&(objectclass=person)(proxyAddresses=smtp:%s)) leaf_result_attribute = proxyAddresses Thanks for the assistance Rich -Original Message- From: owner-postfix-us...@postfix.org [mailto:owner-postfix-us...@postfix.org] On Behalf Of Viktor Dukhovn

RE: dict_ldap_lookup questions

10, 2017 12:33 PM To: postfix-users@postfix.org Subject: Re: dict_ldap_lookup questions On Fri, Feb 10, 2017 at 05:21:18PM +, Gomes, Rich wrote: > Can you point me in the right direction for indexing? > All I can find is adding this line to the config: > result_attribute = m

RE: dict_ldap_lookup questions

...@postfix.org] On Behalf Of Viktor Dukhovni Sent: Friday, February 10, 2017 12:09 PM To: Postfix users <postfix-users@postfix.org> Subject: Re: dict_ldap_lookup questions > On Feb 10, 2017, at 12:01 PM, Gomes, Rich <gomes-r...@aramark.com> wrote: > > warning: dict_ldap_lookup: Searc

dict_ldap_lookup questions

random...@someinternaldomain.com<mailto:somerandom...@someinternaldomain.com> each time it received an email for it within a specified time-frame. Thanks, Rich

Re: masquerade_domains not working

A word to the wise. Message received. Again, thanks!

Re: masquerade_domains not working

I'm sorry Viktor, but it seems I didn't make my goal clear. Here it is again restated. Our canonical domain is example.com Two of our hosted domains are domainA.com, and domainB.com. These are not subdomains of example.com, but rather separate domains entirely that are delivered locally. The

Re: masquerade_domains not working

at 01:02:37PM -0500, Richie Rich wrote: > > Thanks for the replies. I really appreciate the help. > > > > I am already leveraging /etc/postfix/virtual to route traffic to my > "hosted > > domains". > > > > The problem I'm trying to solve, s

Re: masquerade_domains not working

to masquerade, we edit sendmail.cf and add a CN entry. Easy peasy. On Sun, Jan 15, 2017 at 1:02 PM, Richie Rich <canongu...@gmail.com> wrote: > Thanks for the replies. I really appreciate the help. > > I am already leveraging /etc/postfix/virtual to route traffic to my > "hosted do

Re: masquerade_domains not working

Thanks for the replies. I really appreciate the help. I am already leveraging /etc/postfix/virtual to route traffic to my "hosted domains". The problem I'm trying to solve, simply stated, is that I need to be able to selectively masquerade inbound email to my hosted domains. So, u...@doma.com

Re: masquerade_domains not working

Thanks for the quick response. Can you point me in a direction to accomplish what I'm trying to do? I'm totally new to postfix. Again, thanks. On Sat, Jan 14, 2017 at 2:54 PM, Viktor Dukhovni <postfix-us...@dukhovni.org > wrote: > > > On Jan 14, 2017, at 2:51 PM, Richi

masquerade_domains not working

My company, "myco.com", accepts mail for many other domains (doma.com, domb.com, etc.) All of these domains are listed in $mydestination, and are routed via /etc/aliases, or /etc/postfix/virtual. masquerade_domains = doma.com, domb.com, myco.com If I send mail to a subdomain of myco.com, like

mydestination question (local delivery for all subdomains of $mydomain)

afraid I'm misunderstanding the documentation and am missing the answer. Rich Wales ri...@richw.org

Re: Prevention of sending authentication via plaintext on port 25.

On 12/3/2016 at 10:45 AM, "John Fawcett" wrote: > >On 12/03/2016 05:25 PM, rich.gre...@hushmail.com wrote: >> Here I am, replying to my own post again. What I said in the >prior post wasn't entirely true. I realized that I used the wrong >password in my prior attempt.

  1   2   3   4   >